CVE-2023-22895

Name of the Vulnerable Software and Affected Versions bzip2 crate versions prior to 0.4.4

Description The issue allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. This can lead to a denial of service (DoS) vector. Both Decompress and Compress implementations can enter into infinite loops given specific payloads that trigger it.

Recommendations For versions prior to 0.4.4, update the bzip2 crate to 0.4.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the crate with untrusted data until the update is applied.